Date: Tue, 17 Jun 2025 15:50:46 GMT From: Gleb Smirnoff <glebius@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 1396e87a37b6 - main - tcp: count two previously ignored kinds of syncookie failures Message-ID: <202506171550.55HFokc9029590@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=1396e87a37b6d4545d2c7579c31d81d96ba8b816 commit 1396e87a37b6d4545d2c7579c31d81d96ba8b816 Author: Gleb Smirnoff <glebius@FreeBSD.org> AuthorDate: 2025-06-17 15:50:29 +0000 Commit: Gleb Smirnoff <glebius@FreeBSD.org> CommitDate: 2025-06-17 15:50:29 +0000 tcp: count two previously ignored kinds of syncookie failures Reviewed by: tuexen Differential Revision: https://reviews.freebsd.org/D50899 --- sys/netinet/tcp_syncache.c | 3 +++ sys/netinet/tcp_var.h | 2 ++ usr.bin/netstat/inet.c | 6 +++++- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 24ef871c953a..69217ca39ee4 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1097,6 +1097,7 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, */ if (locked && !V_tcp_syncookies) { SCH_UNLOCK(sch); + TCPSTAT_INC(tcps_sc_spurcookie); if ((s = tcp_log_addrs(inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: Spurious ACK, " "segment rejected (syncookies disabled)\n", @@ -1106,6 +1107,7 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, if (locked && !V_tcp_syncookiesonly && sch->sch_last_overflow < time_uptime - SYNCOOKIE_LIFETIME) { SCH_UNLOCK(sch); + TCPSTAT_INC(tcps_sc_spurcookie); if ((s = tcp_log_addrs(inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: Spurious ACK, " "segment rejected (no syncache entry)\n", @@ -1119,6 +1121,7 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, sc = &scs; TCPSTAT_INC(tcps_sc_recvcookie); } else { + TCPSTAT_INC(tcps_sc_failcookie); if ((s = tcp_log_addrs(inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: Segment failed " "SYNCOOKIE authentication, segment rejected " diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h index 4d49f5d2a954..d8822c40b17e 100644 --- a/sys/netinet/tcp_var.h +++ b/sys/netinet/tcp_var.h @@ -1015,6 +1015,8 @@ struct tcpstat { uint64_t tcps_sc_zonefail; /* zalloc() failed */ uint64_t tcps_sc_sendcookie; /* SYN cookie sent */ uint64_t tcps_sc_recvcookie; /* SYN cookie received */ + uint64_t tcps_sc_spurcookie; /* SYN cookie spurious, rejected */ + uint64_t tcps_sc_failcookie; /* SYN cookie failed, rejected */ uint64_t tcps_hc_added; /* entry added to hostcache */ uint64_t tcps_hc_bucketoverflow;/* hostcache per bucket limit hit */ diff --git a/usr.bin/netstat/inet.c b/usr.bin/netstat/inet.c index 269afa42e079..139ff9294fde 100644 --- a/usr.bin/netstat/inet.c +++ b/usr.bin/netstat/inet.c @@ -768,8 +768,12 @@ tcp_stats(u_long off, const char *name, int af1 __unused, int proto __unused) p1a(tcps_sc_unreach, "\t\t{:unreachable/%ju} {N:/unreach}\n"); p(tcps_sc_zonefail, "\t\t{:zone-failures/%ju} {N:/zone failure%s}\n"); p(tcps_sc_sendcookie, "\t{:sent-cookies/%ju} {N:/cookie%s sent}\n"); - p(tcps_sc_recvcookie, "\t{:receivd-cookies/%ju} " + p(tcps_sc_recvcookie, "\t{:received-cookies/%ju} " "{N:/cookie%s received}\n"); + p(tcps_sc_spurcookie, "\t{:spurious-cookies/%ju} " + "{N:/spurious cookie%s rejected}\n"); + p(tcps_sc_failcookie, "\t{:failed-cookies/%ju} " + "{N:/failed cookie%s rejected}\n"); xo_close_container("syncache");
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202506171550.55HFokc9029590>